It is important to understand how to make sure your telehealth video app is HIPAA compliant so that your patients’ information can be secured properly. For discussion purposes, we will consider a telehealth application where patients may search for doctors and then schedule a video consultation with them.

To keep it simple, let’s focus on the healthcare provider directory and the patient’s video consultation. When the patient is booking a consultation with their doctor, these are example areas that should be considered private information:

  • Patient name and username
  • Patient zip code and region they are searching
  • Patient address
  • Patient account information
  • Any notes the patient has on their profile about past treatments or medical conditions.
  • Reviews of the doctor by past patients must be anonymized. No usernames or dates of treatments should be shared by past patients. A 1-5 star rating is fine, but a testimonial that identifies the past patient or shares details about their treatment is unacceptable.
  • Details on numbers of patients treated in the past by that doctor in a particular region
  • Any payment information or healthcare plan information supplied by the patient must be protected.

Once the patient is speaking with the doctor in the video chat session, a tool with the following features ensures that patient information is protected:

  • Video chat must be secure and encrypted (WebRTC helps with this since the video/audio transmission is encrypted in transit).
  • Any recordings of the session should be made only with patient consent and must be securely stored so that others cannot access them without proper authorization.
  • Any text chat between provider/patient should be encrypted if stored in a database, or not stored at all.
  • Any notes that the provider or patient takes in the tool should also be encrypted and treated as an electronic medical record private to that patient.
  • Any files exchanged between the provider and patient must be encrypted in transit (the WebRTC Data Channel can do this) and, if stored, must be securely stored with access limited to authorized users.
  • If any images or screenshots are saved in the application, they must also be securely stored and only accessible to authorized users.
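
One way to handle the stored text chat and notes from the list above is to encrypt each message before it reaches the database and tie the ciphertext to its consultation and patient, so a row copied into another patient's record fails to decrypt. This is an added example for Node.js, not code from the original post or from any telehealth product; the function names, the `chat-v1` label and the in-process key are assumptions for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: in production the key is fetched from a KMS or secrets manager,
// never hard-coded. A random key is generated here so the example runs offline.
const KEY = crypto.randomBytes(32); // AES-256 key

// Hypothetical helper: associated data that binds a ciphertext to one
// consultation and one patient. A JSON array avoids delimiter ambiguity.
function aadFor(sessionId, patientId) {
  return Buffer.from(JSON.stringify(["chat-v1", sessionId, patientId]), "utf8");
}

// Encrypt one chat message; the returned object is what gets stored in the row.
function encryptChatMessage(key, sessionId, patientId, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every message
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aadFor(sessionId, patientId));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return {
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ct: ct.toString("base64"),
  };
}

// Decrypt a stored row. Throws if the row was modified, the key is wrong, or
// the row is read under a different session or patient than it was written for.
function decryptChatMessage(key, sessionId, patientId, row) {
  const iv = Buffer.from(row.iv, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(aadFor(sessionId, patientId));
  decipher.setAuthTag(Buffer.from(row.tag, "base64"));
  const pt = Buffer.concat([decipher.update(Buffer.from(row.ct, "base64")), decipher.final()]);
  return pt.toString("utf8");
}

// Constructed sample data, not real patient information.
const row = encryptChatMessage(KEY, "session-001", "patient-42", "Sample message text");
console.log(row); // only base64 iv, tag and ciphertext are stored
console.log(decryptChatMessage(KEY, "session-001", "patient-42", row));
```

Authorization still has to be enforced before `decryptChatMessage` is called; the encryption only limits what a database leak or a misfiled row exposes.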

Learn More

Think a telehealth solution may be right for your healthcare business?

We have a telehealth platform that is already built and can be quickly white-labeled and licensed for your use. We have decades of experience with over 200,000 hours invested in building real-time applications. You can read a client testimonial here.

Contact us today. We’ll help you get your user-friendly, HIPAA-compliant app up and running with both the provider and patient in mind.
